“TrustSec” is a set of computer programs and message communications protocols providing access control and other security features developed by Cisco Systems, Inc., San Jose, Calif., with the goal of providing self-defending networks. TrustSec introduced the concept of peer authentication and authorization between network devices. TrustSec is designed to determine, based on policies and roles assigned to users and devices in the network, whether access to a secure and trusted network can be granted or restricted.
A Cisco TrustSec (CTS) network comprises network devices and end-hosts. In a CTS network, each network device authenticates its neighbor to an authentication, authorization and accounting (AAA) server. During the authentication process, the device sends an authentication request to the AAA server and retrieves from the AAA server authorization policies pertaining to the neighbor. The authentication and authorization may occur within the same protocol exchange or within a separate protocol exchange.
A neighbor can be either another network device or an end-host. A secure link between network devices or a network device and an end-host has associated security properties, such as encryption and authorization schemes. By performing peer authentication and authorization, and by establishing trust relationships with other entities in a trusted network, a neighbor becomes a part of a trusted domain or “cloud.” Messages exchanged during the AAA process comprise various characteristics specific to the secure and trusted relationships that are established in the trusted cloud.
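The admission flow described above (device authenticates a neighbor to the AAA server, retrieves the neighbor's authorization policy, and derives the link's security properties from it), as an added illustrative model; this is not Cisco's TrustSec implementation or its message formats, and the HMAC challenge/response, role names and shared secrets are assumptions:

```python
"""Constructed model of neighbor admission into a trusted domain.
Authentication and authorization can run as one exchange or as two."""
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    role: str                  # role the AAA server assigns to the neighbor
    encrypt: bool              # whether the secure link must be encrypted
    allowed_roles: frozenset   # roles of devices this neighbor may peer with

class AAAServer:
    def __init__(self, secrets, policies):
        self._secrets = secrets      # neighbor id -> shared secret (assumed)
        self._policies = policies    # neighbor id -> Policy

    def authenticate(self, neighbor_id, challenge, response):
        secret = self._secrets.get(neighbor_id)
        if secret is None:
            return False             # unknown neighbor never authenticates
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def authorize(self, neighbor_id):
        return self._policies.get(neighbor_id)

    def authenticate_and_authorize(self, neighbor_id, challenge, response):
        # Single-exchange variant: the policy is only released on success.
        if not self.authenticate(neighbor_id, challenge, response):
            return None
        return self.authorize(neighbor_id)

class NetworkDevice:
    def __init__(self, device_id, role, aaa):
        self.device_id, self.role, self.aaa = device_id, role, aaa
        self.trusted_links = {}      # neighbor id -> link security properties

    def admit_neighbor(self, neighbor_id, challenge, response, single_exchange=True):
        if single_exchange:
            policy = self.aaa.authenticate_and_authorize(neighbor_id, challenge, response)
        elif self.aaa.authenticate(neighbor_id, challenge, response):
            policy = self.aaa.authorize(neighbor_id)   # separate exchange
        else:
            policy = None
        # Deny if authentication failed, no policy exists, or roles do not match.
        if policy is None or self.role not in policy.allowed_roles:
            return False
        self.trusted_links[neighbor_id] = {"role": policy.role, "encrypt": policy.encrypt}
        return True

def neighbor_response(secret, challenge):
    """What a legitimate neighbor returns for the device's challenge (assumed scheme)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()
```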